Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
{ "vanir_signatures": [ { "id": "CVE-2016-10070-68608b74", "digest": { "length": 11010.0, "function_hash": "228678083036095774681467336683464649209" }, "signature_type": "Function", "deprecated": false, "target": { "file": "coders/mat.c", "function": "ReadMATImage" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455" }, { "id": "CVE-2016-10070-7ae0ecc2", "digest": { "length": 11023.0, "function_hash": "100542800754363567782106591142409616134" }, "signature_type": "Function", "deprecated": false, "target": { "file": "coders/mat.c", "function": "ReadMATImage" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick/commit/a6240a163cb787909703d9fc649cf861f60ddd7c" }, { "id": "CVE-2016-10070-af357e78", "digest": { "line_hashes": [ "104979937262347713278373044487411267202", "175834825612476563933057226562340664836", "283322184526029343880825074926793675018", "215957794696520767711439946383935888901" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "coders/mat.c" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick/commit/a6240a163cb787909703d9fc649cf861f60ddd7c" }, { "id": "CVE-2016-10070-b6c2d3e9", "digest": { "line_hashes": [ "104979937262347713278373044487411267202", "175834825612476563933057226562340664836", "283322184526029343880825074926793675018", "215957794696520767711439946383935888901" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "coders/mat.c" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455" } ] }